Russian security giant Kaspersky Lab is moving a number of its core processes from Russia to Switzerland. This includes customer data storage and processing for most regions, as well as software assembly, including threat detection updates. It is also opening its first Transparency Centre.

The moves are part of what the company calls its Global Transparency Initiative, announced in October 2017.

Eugene Kaspersky, founder and CEO of Kaspersky Lab, said: "In a rapidly changing industry such as ours we have to adapt to the evolving needs of our clients, stakeholders and partners.

"Transparency is one such need, and that is why we've decided to redesign our infrastructure and move our data processing facilities to Switzerland. We believe such action will become a global trend for cyber security, and that a policy of trust will catch on across the industry as a key basic requirement."

A matter of trust

Kaspersky lab has had several issues with the US government, due to its Russian origins, and the fact that founder and CEO Eugene Kaspersky attended a KGB college.

In September last year, the US Department of Homeland Security ordered government departments and agencies to stop using Kaspersky Lab products from the Russia-based firm, despite the fact that there was no evidence that the company ever colluded with the Russian government.

December 2017 saw Lithuania banning the use of Kaspersky software within certain critical national industries, including energy, finance and transport. Only last week, the Dutch government said it plans to phase out Kaspersky Lab software as a "precautionary measure" to "guarantee national security".

Global transparency

According to Kaspersky Lab, its Global Transparency Initiative reflects its ongoing commitment to assuring the integrity and trustworthiness of its products.

"The new measures are the next steps in the development of the initiative, but they also reflect the company's commitment to working with others to address the growing challenges of industry fragmentation and a breakdown of trust. Trust is essential in cyber security, and Kaspersky Lab understands that trust is not a given; it must be repeatedly earned through transparency and accountability."

The company says by the end of next year, it will have established a data centre in Zurich and in this facility, will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, and more countries are set to follow.

It will also relocate its 'software build conveyer' to Zurich. This is a set of programming tools used to assemble ready-to-use software out of source code. Before the end of this year, its products and threat detection rule databases will start to be assembled and signed with a digital signature in Switzerland, before being distributed to the endpoints of customers worldwide.

It says this will allow all newly assembled software to be verified by an independent organisation and show that software builds and updates received by customers match the source code provided for audit.

Kaspersky Lab also said that the source code of its products and software updates will be made available for review by responsible stakeholders in a Transparency Centre to be hosted in Switzerland, and which will be opened this year.